So ComboFix tells me I have Rootkit.ZeroAccess, and further research tells me that this may not be good. In 15 years of working with computers professionally, this is the worst one I've seen, although part of that may be of my own doing.
First off, I know I'm supposed to have logs from DDS. Wish it were that easy. DDS hangs both in normal (tested 10 mins) and safe mode (tested 30 mins). This is the same as ComboFix, which I tested up to an hour and a half in safe mode where it hangs right after alerting me to the Rootkit. (This symptom continues even after everything below.) As a result of no DDS logs, I apologize for the long post but I wanted to provide all potentially relevant information.
Note: before getting to the above steps, I got a clean scan on AVG, Spybot Search & Destroy, and TDSSKiller. Also, I've run Malwarebytes Anti-Malware Pro (trial), which picked up the infection, told me to reboot to clean, and got a clean scan after those steps. I still had the symptom of PING.exe running in the background, and Comodo Firewall was picking up a lot of activity on it.
While going through all these steps, things have been going downhill. When I said DDS & ComboFix hang, the cursor remains blinking, but Windows is non-responsive. The DDS & ComboFix windows will not close, although the close button animates to respond to the click. I can get one action in Explorer (e.g. attempt to run something on the Start menu, Ctrl-Alt-Del splash screen and click Task Manager, use a menu on a system tray icon, click Shutdown off the Start menu), but although the action seems to complete (e.g. Start menu closes after I hit Shutdown), the action never takes place. Explorer is then unresponsive to further actions although the mouse is active. This occurs in both normal and safe modes.
As such, I've had probably a dozen hard shutdowns in the past 24 hours. Although the HDD indicator light is inactive, listening carefully to the drive itself, the drive sounds active. I've lost the keyboard and mouse drivers (I've been running on a USB keyboard/mouse instead of the built-in keyboard and touchpad), the audio driver, and experienced a 0x0a blue screen related to a USB drive I inserted to transfer new diagnostic tools. While trying to fix the keyboard/mouse drivers, I ran Startup Repair off of a Win7 Ultimate x86 CD and that picked up some problems (and repaired them). Additionally I've had a few random crashes (literal freeze where the mouse freezes as well). Another note: it seems the Windows crashes occur more frequently when I've disabled the WLAN card via an external switch on the laptop - not sure if this is coincidence or causal correlation. Seems like corruption, or possibly even newly bad sectors, but I've been mainly focused on this.
Regarding my setup: Basic System specs are at the bottom of the post. The system is configured to dual-boot Win7 on an NTFS partition and Ubuntu 11.10 on an ext4 partition. I can use Ubuntu without difficulty, of course, despite the Windows mess. I believe Ubuntu could mount the NTFS partition and that could be used for troubleshooting. Additionally, I have a spare hard drive with a clean install of Win7 Ultimate which I could drop in the laptop and run the problem drive externally.
Because it seems like every troubleshooting step I try that results in a hang and hard shutdown actually sets me back further, I'm done with trial & (certain) error. I apologize for asking for help after creating such a mess. I feel that I should only take steps guided by someone with experience in order to reduce further collateral damage. As such, I haven't taken steps like generating an HJT log in order to avoid another hang/hard shutdown if HJT is unhelpful. I noted the Ubuntu-NTFS-mount or run-drive-externally options in case it's better to repair first, heal the infection later instead of vice versa. I do also have a system restore dated 1/30 available, although the infection only occurred on 2/6 @ 2:30pm PST, so I was hoping not to lose a week of system changes unless necessary.
Since my handwriting is horrible and thus I can't get by without a laptop for note-taking for law school, I will have the system with me 24/7. At school, I'd be reduced to transferring utilities from within Ubuntu to the Windows partition/USB drive. (Don't want to put Windows on the internet due to the infection.) Note: mouse/keyboard drivers are corrupted right now on Windows (Ubuntu's fine), so I have no way to operate Windows unless I'm near a box where I can borrow a keyboard/mouse. At home I have a separate desktop (with keyboard and mouse), so no problem there.
Again, I apologize since I think I've made this more of a mess than needs to be. I thank you in advance for leading me out of the woods.
Layperson's Tech Guru
Tech Guru's worst nightmare
Basic System Specs:
Win7 Home Premium SP1 x86
Dell XPS M1530, 2.4GHz Core 2, 4GB RAM
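The offline-mount route mentioned above (reading the Windows partition from the Ubuntu side without booting the infected OS) sketched as an added example; this is not code from the original post. The device path /dev/sda1, the mount point /mnt/winos and the directory list are hypothetical and must be adjusted to the real layout.

```sh
#!/bin/sh
# Added example (not from the original post): offline triage of the Windows
# partition from the Ubuntu half of the dual-boot, without booting Windows.
# Assumed (hypothetical) values: NTFS volume /dev/sda1, mount point /mnt/winos.

# Mount the Windows partition read-only so the triage changes nothing on it.
mount_win_ro() {
    dev="$1"; mnt="$2"
    mkdir -p "$mnt"
    # ro + noexec/nosuid/nodev: nothing on the suspect volume can run or be written
    mount -t ntfs-3g -o ro,noexec,nosuid,nodev "$dev" "$mnt"
}

# List files under a directory tree modified at or after a timestamp.
# The post dates the infection to 2012-02-06 14:30 PST (UTC-0800), so files in
# the Windows system directories changed after that are the ones to review.
files_changed_since() {
    dir="$1"; since="$2"
    # -newermt is GNU find; sorted so the list is stable between runs
    find "$dir" -type f -newermt "$since" 2>/dev/null | sort
}

# Hash the candidates so they can be compared against a known-good system
# (the spare clean Win7 install mentioned in the post) or submitted to a scanner.
hash_files() {
    while IFS= read -r f; do
        sha256sum "$f"
    done
}

if [ "${1:-}" = "--run" ]; then
    mount_win_ro /dev/sda1 /mnt/winos
    for d in /mnt/winos/Windows/System32 /mnt/winos/Windows/System32/drivers; do
        files_changed_since "$d" "2012-02-06 14:30 -0800"
    done | hash_files
fi
```

Run as root with `--run`; the functions can also be sourced and pointed at any other directory on the mounted volume.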